Apache MyFaces versions 2.2.13 and below, 2.3.7 and below, 2.3-next-M4 and below, and 2.1 and below suffer from a cross site request forgery vulnerability.
a8e80747410cdf24bd08eed09d1cb041Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffers from bypass, command execution, cross site request forgery, cross site scripting, and server-side request forgery vulnerabilities.
0011367f30c2126b8da594f31400e629Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities.
dfa15ee9d60763987a67c4ef7525645aeIDAS-Node versions 2.3 and below suffer from an authentication bypass vulnerability.
65072a0c9c2296301838749bb045f471OpenPGP.js versions 4.2.0 suffer from invalid curve attack, message signature bypass, and information trust vulnerabilities.
c92ec18b969566f5f60471e1704c783dOSCI-Transport Library 1.2 for German e-Government versions 1.8.1 and below suffer from an insecure cryptographic implementation and signature bypass vulnerabilities.
7d8dfcb6bbea4a458be7237a76e44121Kerio Control VPN Protocol versions 9.2.7 and below have an issue where the cryptographic protocol employed exhibits severe design issues.
5ae6f2e18eea71c217129418afa93006Governikus Autent SDK versions 3.8.1 and below suffer from a signature bypass vulnerability. This vulnerability could allow an attacker to impersonate any German citizen on a vulnerable web application.
66a2046d90ce6dc8fd56bd9619e0ad54Citrix StorageZones Controller versions prior to 5.4.2 suffer from padding oracle, improper access restriction, and path traversal vulnerabilities.
25f551df2535dadd811ace404a1ecd28Oracle Access Manager versions 11.1.2.3.0 and 12.2.1.3.0 suffer from an authentication bypass vulnerability.
b2d1fa8ff54174534c11d0df06d323ddSecurEnvoy SecurMail version 9.1.501 suffers from cross site request forgery, cross site scripting, insecure direct object reference, missing authentication and authorization, and path traversal vulnerabilities.
34ce6bc45859e685368a551d86ff08e2Micro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities.
49e5b10ae54b8581b0809387e9a79239OSCI-Transport library version 1.2 for German e-Government suffers from padding oracle, signature wrapping, and XML external entity injection vulnerabilities.
852b54bfa71394caa84d2551937c6f52Guidance Software EnCase Forensic Imager versions 7.10 and below suffer from a stack-based buffer overflow vulnerability.
187545df23898b8d46492129016e88f4EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow vulnerabilities.
1c5bac58a0fdaf56c3881bb3ed6e6585Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.
6b54a385df31372c3fbf7bd670761a24Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
a5fc9da404b4e72d05033b99d55f7fbcWSO2 Identity Server version 5.0.0 suffers from XML external entity injection, cross site request forgery, and cross site scripting vulnerabilities.
cab780534e71ce8a0a440f53b27066eaKodi/XBMC versions 14 and below suffer from a cross site request forgery vulnerability.
2b1422311d81ea0e325951bcd953ad3eNetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vulnerability.
aee8af210596cb47ba67c201dc2dfff7NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities.
28770947a64f6a9552aa49662c955abeG-Parted versions 0.14.1 and below suffer from a root privilege escalation command execution vulnerability.
28d3c773f64a591079003cff8dc0d441ADF Faces version 12.1.2.0 suffers from a cross site scripting vulnerability.
92cfe913c70c05fd20b854dbac5bf753Rhythm Software File Manager version 1.16.6 and Rhythm Software File Manager HD version 1.11.5 suffer from local file disclosure, privilege escalation, and unauthenticated remote command injection vulnerabilities.
f9a496de63fd6fbd9f9526c0873be934Symantec Web Gateway versions 5.1.0.* and below suffer from cross site request forgery, cross site scripting, command injection, and remote SQL injection vulnerabilities.
eba6575ed59d8f516b66606c704e60c2
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed